System for adaptation of multiple digital signatures in a distributed network

ABSTRACT

The present invention provides for managing communication of data from Internet-connected devices, such as those devices within an IoT environment. Specifically, the invention provides automated determination of which devices are communicating to which third-party entities and, in some embodiments, the type of data being communicated to such third-party entities. Once such information is known, the third-party entity can be automatically placed into a designated third-party category, which defines the type of data that the third-party entity is authorized to receive. In addition, a user can manage the communications from such devices by selecting to prohibit (i.e., block) or limit, based on data type, which data is communicated to which third-party entities. Additionally, the identity of the third-party entities can be authenticated/verified, such that if the third-party entity cannot be verified, communication of data to that entity is blocked or limited.

FIELD

In general, embodiments of the invention relate to managing communications and, more specifically, managing which entities and what data can be communicated from Internet-connected devices, such as devices within an Internet of Things (IoT) environment.

BACKGROUND

An increasing amount of devices within a residence, a place of business or the like may be capable of wireless connection to the Internet. Moreover, such devices include one or more sensors for capturing data and the data is then communicated, via the Internet, to a third-party entity for various purposes. Such a network environment is commonly referred to as the Internet of Things (IoT). For example, appliances (e.g., televisions, washer/dryer, refrigerators or the like) within a residence may provide for wireless Internet connectivity and may communicate data, such as performance data, warranty data, and the like to third-party entities, such as manufacturers, warranty services, exhaustible part suppliers and the like. Such communication of data by Internet-connected devices typically occurs on a continual automatic basis without the knowledge of the device users. Moreover, the user of the device has no control over which entities data is communicated to and/or what data is communicated to which entities. This can especially problematic in the instance in which a payment token/credential is communicated to merchant (e.g., for replenishing exhaustible parts in an appliance); however, for security reasons, the user does not the payment token/credential communicated along with other data to other third-party entities, such as a manufacturer, a warranty service or the like.

Therefore, a need exists to develop systems, apparatus and the like for allowing a user to customize the communication of data from Internet-connected devices, such as those devices within an IoT environment. Specifically, the desired systems, apparatus and the like should automated determination of which devices are communicating to which third-party entities. Moreover, once such information is known, the desired systems, apparatus and the like should provide for managing the communications from such devices, such that, a user can select to prohibit (i.e., block) or limit which data is communicated to which third-party entities. In addition, the desired systems, apparatus and the like should allow for the user to select additional third-party entities for data communication and select what data or data types are communicated to the additional third-party entities. Moreover, the desired systems, apparatus and the like should provide for authenticating/verifying the identity of third-party entities so that the user can be assured that data is being communicated to the intended third-party entity.

SUMMARY OF THE INVENTION

The following presents a simplified summary of one or more embodiments in order to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated embodiments, and is intended to neither identify key or critical elements of all embodiments, nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more embodiments in a simplified form as a prelude to the more detailed description that is presented later.

Embodiments of the present invention address the above needs and/or achieve other advantages by providing apparatus, systems, computer program products, for managing the communication of data from Internet-connected devices, such as those devices within an IoT environment. Specifically, the invention provides automated determination of which devices are communicating to which third-party entities and, in some embodiments the type of data being communicated to such third-party entities. Moreover, once such information is known, a user can manage the communications from such devices by selecting to prohibit (i.e., block) or limit, based on data type, which data is communicated to which third-party entities. Additionally, the invention provides for authenticating/verifying the identity of the third-party entities, such that if the entity cannot be verified, communication of data to the unverified entity is blocked. In addition, customized management allows for the user to select additional third-party entities for data communication and select what data or data types are communicated to the additional third-party entities.

A system for managing communications defines first embodiments of the invention. The system includes a plurality of devices associated with a user. Each of the devices are connected to the Internet and are configured to periodically, on an ongoing basis, communicate data associated with the device to one or more entities. The system additionally includes a computer platform including a memory and at least one processor in communication with the memory and a communications management module stored in the memory and executable by the processor. The communications management module includes a device polling sub-module that is configured to poll the plurality of devices to determine which entities each of the devices are communicating the data to. The communications management module additionally includes a communication management sub-module configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices. Managing communication includes blocking transmission of at least a portion of the data communicated from one or more of the devices to at least one of the entities.

In specific embodiments of the system, the communication management sub-module is further configured to establish a plurality of entity categories, wherein each category is associated with an entity type and defines what type of data can be communicated to entities residing in the category. In such embodiments of the system, managing communication includes determining which entity category each of the entities belong to and placing each of the entities in the determined entity category. Placement of the entity in an entity category automatically manages types of data that can be communicated from the devices to the entities placed in the entity category.

In further specific embodiments of the system, the device polling sub-module is further configured to poll the plurality of devices to determine one or more types of data that are being communicated to each of the determined entities. In such embodiments of the system, the communication management sub-module is further configured to managing communication including blocking transmission of one or more of the types of data communicated from one or more of the devices to at least one of the entities.

In still further specific embodiments of the system, the device polling sub-module is further configured to identify one or more routers through which the plurality of devices connect to the Internet and poll the plurality of devices through the identified one or more routers. In such embodiments of the system, the communication management sub-module is further configured to manage communication of the data from the devices by blocking, at the one or more identified routers, transmission of the at least a portion of the data communicated from one or more of the devices to at least one of the entities.

In other specific embodiments of the system, the polling sub-module is further configured receive a user input that selects one or more of the devices and, in response to receiving the user input, to queries the selected one or more devices as to which entities the selected one or more devices are communicating the data to. In such embodiments of the invention, the communication management sub-module is further configured to manage communication by blocking transmission of the at least a portion of the data by re-configuring settings in the selected one or more of the devices that are communicating data to the at least one of the entities.

In yet other specific embodiments of the system, the communications management module further comprises an entity authentication sub-module that is configured to verify an identity of each of the determined entities. In such embodiments of the system, the communication management sub-module is further configured to, in response to the entity authentication sub-module determining that an identity of an entity cannot be verified, automatically block transmission of all data communicated from the devices to the entity.

Moreover, in further embodiments of the system, the communication management sub-module is further configured to manage communication of data from the devices, wherein managing communication includes adding at least one additional entity that at least one of the devices communicates data to. In such embodiments of the system, the communication management sub-module is further configured to manage communication by identifying one or more types of data to be communicated from the at least one of the devices to the at least one additional entity.

In other specific embodiments of the system, the communication management sub-module is further configured to manage communication of data from the devices by encrypting at least a portion of the data communicated from one or more of the devices to at least one of the entities.

An apparatus for managing communications defines second embodiments of the invention. The apparatus includes a computer platform includes a memory and at least one processor in communication with the memory. The apparatus further includes a communications management module that is stored in the memory and executable by the processor. The communications management module includes a device polling sub-module that is configured to poll a plurality of Internet-connected devices to determine which entities each of the devices are communicating device-related data to. The communications management module additionally includes a communication management sub-module that is configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices. Managing communication comprises blocking transmission of at least a portion of the device-related data communicated from one or more of the Internet-connected devices to at least one of the entities.

A computer program product including a non-transitory computer-readable medium defines third embodiments of the invention. The computer-readable medium includes a first set of codes for causing a computer to poll a plurality of Internet-connected devices to determine which entities each of the devices are communicating device-related data to. The computer-readable medium includes a second set of codes for causing a computer to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices. Managing communication comprises blocking transmission of at least a portion of the device-related data communicated from one or more of the Internet-connected devices to at least one of the entities.

Thus, systems, apparatus, methods, and computer program products herein described in detail below provide for managing the communication of data from Internet-connected devices, such as those devices within an IoT environment. Specifically, the invention provides automated determination of which devices are communicating to which third-party entities and, in some embodiments the type of data being communicated to such third-party entities. Once such information is known, a user can manage the communications from such devices by selecting to prohibit (i.e., block) or limit, based on data type, which data is communicated to which third-party entities. Additionally automated management of communications can occur, based on what third-party category the third-party entity falls under. Additionally, the invention provides for authenticating/verifying the identity of the third-party entities, such that if the entity cannot be verified, communication of data to the unverified entity is blocked. In addition, customized management allows for the user to select additional third-party entities for data communication and select what data or data types are communicated to the additional third-party entities.

To the accomplishment of the foregoing and related ends, the one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative features of the one or more embodiments. These features are indicative, however, of but a few of the various ways in which the principles of various embodiments may be employed, and this description is intended to include all such embodiments and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

FIG. 1 provides a schematic diagram of an exemplary system for managing communications from Internet-connected devices in an Internet-of-Things (IOT) network environment, in accordance with embodiments of the present invention; and

FIG. 2 provides a block diagram of an apparatus for managing communications from Internet-connected devices in an Internet-of-Things (IOT) network environment, in accordance with embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like numbers refer to like elements throughout.

As will be appreciated by one of skill in the art in view of this disclosure, the present invention may be embodied as an apparatus (e.g., a system, computer program product, and/or other device), a method, or a combination of the foregoing. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may generally be referred to herein as a “system.” Furthermore, embodiments of the present invention may take the form of a computer program product comprising a computer-usable storage medium having computer-usable program code/computer-readable instructions embodied in the medium.

Any suitable computer-usable or computer-readable medium may be utilized. The computer usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. More specific examples (e.g., a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires; a tangible medium such as a portable computer diskette, a hard disk, a time-dependent access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a compact disc read-only memory (CD-ROM), or other tangible optical or magnetic storage device.

Computer program code/computer-readable instructions for carrying out operations of embodiments of the present invention may be written in an object oriented, scripted or unscripted programming language such as JAVA, PERL, SMALLTALK, C++ or the like. However, the computer program code/computer-readable instructions for carrying out operations of the invention may also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages.

Embodiments of the present invention are described below with reference to flowchart illustrations and/or block diagrams of methods or apparatuses (the term “apparatus” including systems and computer program products). It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a particular machine, such that the instructions, which execute by the processor of the computer or other programmable data processing apparatus, create mechanisms for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions, which implement the function/act specified in the flowchart and/or block diagram block or blocks.

The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions, which execute on the computer or other programmable apparatus, provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. Alternatively, computer program implemented steps or acts may be combined with operator or human implemented steps or acts in order to carry out an embodiment of the invention.

According to embodiments of the invention described herein, various systems, apparatus, methods, and computer program products are herein described for managing communication from Internet-connected devices (e.g., Internet-of-Things (IoT) devices) that communicate device-related information to third-party entities, such as, but not limited to, device manufacturers, warranty services, retailers and the like. The invention provides for polling the devices determine which third-party entities the devices are communicating data to. In specific embodiments of the invention the polling includes determining the type of data that the devices are communicating to the specific third-party entities. In other specific embodiments the polling includes polling one or more routers associated with the devices, such as router(s) as a user's residence or place of work, to determine the third-party entities that the devices are communicating data to.

Once the third-party entities and, in some embodiments the data types being communicated to the third-party entities are known, the invention further provides for managing the communications communicated from the devices to the third-party entities. In some embodiments third-party entity categories may be defined, either by the user or pre-designated, that define the type(s) of data that is authorized to be sent to the third-party entity. In such embodiments of the invention, a third-party entity may be automatically placed in one of the third-party categories, which automatically results in controlling the data that is communicated to the third-party entity. In other embodiments of the invention, a user may access a portal or the like, which allows for the user to observe which third-party entities devices are communicating data to and manage the communications accordingly (i.e., block third-party entities from receiving data, limit the third-party entity to certain data types, add security measures (e.g., encryption, access protection) to the data be being communicated, add additional data types for a third-party entity, add a third-party entity or the like). In other embodiments of the invention, managing the communications may include accessing the Internet-connected devices to re-configure the settings to block and/or limit communication of data to third-party entities.

Additionally, further embodiments of the invention provide for authenticating/verifying the third-party entities to insure that the third-party entities are who they purport to be. In the event that a third-party entity can be authenticated/verified the data communicated to the third-party entity may be blocked or limited.

Referring to FIG. 1, a schematic diagram is provided of a system 100 for managing communication of device-related data 302 from Internet-connected devices 300 to third-party entities 320, in accordance with embodiments of the present invention. The system 100 is implemented in a distributed computing environment via computing network 200, which includes the Internet and may include various sub-nets and/or intranets. System 100 includes apparatus 400 which stores communications management module 410, which is configured to manage the communication of data 302 1-6 being sent from Internet-connected devices 300 1-6 to one or more third-party entities 320. The Internet-connected devices 300 may be devices located within a user's residence or place of business, which connect to the Internet 200 via a router 210. The connection between the router 210 and the Internet-connected devices 300 1-5 may be wireless, as shown or in other instances the connection may be a physical/wired connection. The data 302 that is communicated is generally data associated with the Internet-connected device 300, such as performance data, warranty-related data, consumable accessory data and the like. In this regard, the third-party entities 320 1-3 may be any entity that has a use for such data 302, including, but not limited to, a manufacturer of the device, a warranty service, a retailer (for re-ordering consumable accessories associated with the device or the like) or the like.

In the illustrated embodiment of FIG. 1 the Internet-connected devices 300 include a multipurpose printer 300-1, a smart thermostat 300-2, a refrigerator 300-3, a television 300-4 and a mobile device/smart telephone 300-5, all of which may reside within a user's residence and communicate with the router 210 as the entry point to the Intranet 200. Additionally, the mobile device/smart telephone 300-5 and a vehicle 300-6 may be configured to communicate with the Intranet 200 directly (i.e., absent the router 210), such as through a cellular network or the like. Each of the Internet-connected devices 300 may have need to communicate data 302 to one or more third-party entities 320. For example, the data 302-1 communicated by the multipurpose printer 300-1 may include, but is not limited to, performance data to a manufacturer, warranty data to a warranty service and ink cartridge replacement orders to a retailer or the like. In such instances, the ink cartridge replacement order to the retailer may include a payment token or other payment credentials associated with the user/owner. While the user may desire for the payment token/credentials, such as a credit card account number or the like, to be communicated to a designated retailer, the user may not desire for the payment token/credentials to be communicated to other third-party entities, such as the manufacturer or warranty service.

The communications management module 410 of apparatus 400 includes a device polling sub-module 420 that is configured to poll the Internet-connected devices 300 to determine which third-party entities 320 the Internet-connected devices 300 are communicating data 302 to and, in some embodiments the type(s) of data 302 which the third-party entities 320 are receiving. In specific embodiment a user may interface with the communications management module 410, through a portal or the like, to identify their related Internet-connected devices 300 and, in some instances the user may also identify, if the user is aware, the third-party entities 320 and the type(s) of data 302 communicated the those third-party entities 320. However, in most instances, the user will be unaware of which third-party entities 320 are receiving the data 302 and unaware of the type of data 302 being received by the third-party entities 320. In which case, the device polling sub-module 420 is instrumental in determining/identifying the third-party entities 320 which are receiving data and, in specific embodiments, the type or types of data 302 which the third-party entities 320 are receiving. In specific embodiments of the invention, the device polling sub-module 420 is configured to poll the Internet-connected devices 300 directly to determine/identify the third-party entities 320 and, in some embodiments, the type(s) of data 302 being communicated to the third-party entities 320. While in other embodiments of the invention, the device polling sub-module 420 is configured to poll the router 210 to determine/identify third-party entities 320 and, in some embodiments, the type(s) of data 302 being communicated to the third-party entities 320. In accordance with embodiments of the present invention, polling the router 210 may additionally provide for identifying Internet-connected devices 300 in those instances in which a user has not identified an Internet-connect device 300, such as a newly acquired Internet-connected device 300 or the like.

Communications management module 410 additionally includes communications management sub-module 430 that is configured to, in response to determining which third-part entities 320 each of the Internet-connected devices 300 are communicating the data 302 to, manage communication of the data 302 from the Internet-connected devices 300. In specific embodiments of the invention, managing communication includes blocking transmission of at least a portion of the data 302 communicated from one or more of the Internet-connected devices 300 to at least one of the third-party entities 320. In other specific embodiments of the invention, the communications management sub-module 430 is further configured to block transmission of specified types of data 302 communicated from one or more of the Internet-connected devices 300 to at least one of the third-party entities 320. For example, manufacturers or warranty services may be blocked from receiving payment tokens/credentials or the like.

In specific embodiments of the invention, the sub-module 430 may be configured or the user may configure third-party entity categories, such that a category defines the type(s) of data that a third-party can receive. In such instances, the communications management sub-module 430 may be configured to identify which category each of the third-party entities 320 and place each of the third-party entities 320 in the identified category. Once the third-party entity is placed in a category, the communications management sub-module automatically blocks/filters data type(s) that are not configured for transmission to a third-party entity 320 residing in that particular category.

In other embodiments of the invention, a user may access a portal or the like associated with the communications management sub-module 430 to configure data communications to each of the identified third-party entities 320. Such configuration may include blocking all transmissions to one or more third-party entities 320 or identifying which type of data 302 is authorized to be communicated to a specific third-party entity. In other embodiments of the invention, the user may configure the sub-module 430 to notify/alert the user, via text message or the like, each time a specified Internet-connected device attempts a data communication or each time a specified third-party entity is designated for data communication or each time a specified data type (e.g., payment token/credentials) is designated for data communication. In this regard, the communications management sub-module 430 may allow for dynamic communications management by the user on either a per-device basis, a per-third-party entity basis and/or a per-data type basis.

In further embodiments of the invention, the communications management sub-module 430 is configured to allow users to add additional third-party entities as recipients of data 302 from one or more of the Internet-connected devices 300 and, in certain embodiments, define the type(s) of data that the additional third-party entity is authorized to receive.

Management of communications may occur at the Internet-connected device 300-level and/or at the router 210-level. In this regard, the communications management sub-module 430 may access the Internet-connected devices 300 and reconfigure settings on the Internet connected device 300 that define the third-party entities 320 and, in some embodiments, the type(s) of data 302 that the third-party entities 320 are configured to receive. In such embodiments, the communications management sub-module 430 may access the settings in the Internet-connected device 300 to delete or add a third-party entity 320 and/or delete or add to the type(s) of data 302 that a third-party entity 320 may receive. In other embodiments of the invention, the communications management sub-module 430 may access the router 210 to block transmissions to a third-party entity 320.

Referring to FIG. 2 a block diagram is presented of the apparatus 400, which is configured for managing communication of data from Internet-connected devices to third-party entities, in accordance with embodiments of the present invention. In addition to providing greater detail, FIG. 2 highlights various alternate embodiments of the invention. The apparatus 400 may include one or more of any type of computing device, such as one or more servers, personal computers or the like. The present apparatus and methods can accordingly be performed on any form of one or more computing devices.

The apparatus 400 includes a computing platform 402 that can receive and execute algorithms, such as routines, and applications. Computing platform 402 includes memory 404, which may comprise volatile and non-volatile memory, such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. Further, memory 404 may include one or more flash memory cells, or may be any secondary or tertiary storage device, such as magnetic media, optical media, tape, or soft or hard disk. Moreover, memory 404 may comprise cloud storage, such as provided by a cloud storage service and/or a cloud connection service.

Further, computing platform 402 also includes processor 406, which may be an application-specific integrated circuit (“ASIC”), or other chipset, processor, logic circuit, or other data processing device. Processor 406 or other processor such as ASIC may execute an application programming interface (“API”) 408 that interfaces with any resident programs, such as communications management module 410 and routines, sub-modules associated therewith or the like stored in the memory 404 of the apparatus 400.

Processor 406 includes various processing subsystems (not shown in FIG. 2) embodied in hardware, firmware, software, and combinations thereof, that enable the functionality of apparatus 400 and the operability of the apparatus on a network. For example, processing subsystems allow for initiating and maintaining communications and exchanging data with other networked devices, such as those apparatus, databases and repositories shown in FIG. 1. For the disclosed aspects, processing subsystems of processor 406 may include any subsystem used in conjunction with communications management module 410 and related algorithms, sub-algorithms, modules, sub-modules thereof.

Computer platform 402 may additionally include communications module (not shown in FIG. 2) embodied in hardware, firmware, software, and combinations thereof, that enables communications among the various components of the apparatus 400, as well as between the other networked devices. Thus, communication module may include the requisite hardware, firmware, software and/or combinations thereof for establishing and maintaining a network communication connection.

The memory 404 of apparatus 400 stores communications management module 410, which is configured to manage communication of data 302 between Internet-connected devices 300 and third-party entities 320, in accordance with embodiments of the invention. The module 410 includes device polling sub-module 420 that is configured to poll a plurality of Internet-connected devices 300 to determine which entities, such as third-party entities 320 that the devices are communicating device-related data 302 to. In specific embodiment of the invention, the module 410 provides a user-interface, such as a portal, which a user can access to identify their specific Internet-connected devices 300. Identification may include a network path for polling such devices 300, such as an IP address associated with the device or the like. In such embodiments, polling the Internet-connected devices 300 to determine which third-party entities 320 the devices are communicating data 302 to may include determining the IP addresses or some other address that the Internet-connected devices 300 are communicating the data 302 to. Once the IP addresses or other addresses are known, the polling sub-module may be able to decipher the entity from the address (in instances in which the address identifies the entity) or implement an Internet-based lookup table to determine the entity associated with the IP address.

In other specific embodiments of the apparatus, the device polling sub-module 420 is configured to determine the types 422 of data 302 being communicated from the Internet-connected devices 300 to the third-party entities. The types of data may include, but are not limited to, performance data, such as data accumulated from device sensors or the like; user data, such as personal data (e.g., name, address, telephone number) as well as payment tokens/credentials associated with the user (e.g., credit card account numbers or the like) or the like. The type 422 of data 302 may be identifiable within a device's settings or the device polling sub-module 420 may be configured to analyze the payloads of one or more communications being sent to the third-party entities to determine what types 422 of data 302 are being communicated.

In other specific embodiments of the apparatus 400, the device polling sub-module 420 is configured to poll the router 210 or some other gateway device through which the Internet-connected devices 300 gain entry to the Internet 200. In such embodiments of the invention, a user may identify (e.g., provide the IP address or the like) the router 210 located at their residence or place of business and the device polling sub-module 420 may access the router 210 to determine when communications are being sent from the Internet-connected devices 300 and the destinations of such communications (e.g., the IP address or other address in the header of the communications that directly or indirectly identify the recipient (i.e., the third-party entity 320)). Moreover, the type 422 of data 302 may be identified by analyzing the payloads of one or more communications being routed through the router 210 to determine what types 422 of data 302 are being communicated to the third-party entities 320.

The communications management module 410 additionally includes a communications management sub-module 430 that is configured to manage communications 432 of data 302 from the Internet-connected devices 300 to the third-party entities 320. In specific embodiments of the invention, the communications management sub-module 430 is configured to manage the communications 432 by blocking transmission 434 of at all data 438 or a portion of the data 436 that would otherwise be communicated to the third-party entity 320. In those embodiments in which the blocking of transmissions 434 occurs on a portion of the data 436, the portion that is blocked may be based on the type 422 of the data 302. For example, a manufacturer may be blocked from receiving anything but device performance data (i.e., personal/user data is blocked from being transmitted to the manufacturer). In specific embodiments of the invention, the communications management sub-module may access the router 210 to block transmission 434 of data 302, while in other embodiments of the invention, the communications management sub-module 430 may access the Internet-connected devices 300 directly to reconfigure the settings in the device to prevent data 302 from being communicated to a specific third-party entity 320 or prevent one or more specific types 422 of the data 302 from being communicated to a specific third-party entity 320.

As previously discussed, the communications management sub-module 430 may be configured to with third-party entity categories 442 or a user may define third-party entities categories 442 within the module 410. A category 442 defines the type(s) 422 of data 302 that a third-party 320 can receive. In such instances, the communications management sub-module 430 is configured to identify which category 442 each of the third-party entities 320 belong to and place each of the third-party entities 320 in the identified category 442. Once the third-party entity 320 is placed in a category 442, either automatically by the sub-module 430 or via user action, the communications management sub-module 430 automatically blocks/filters data type(s) that are not configured for transmission to a third-party entity 320 residing in that particular category.

In other embodiments of the invention, a user may access a portal or the like associated with the communications management sub-module 430 to configure data communications to each of the identified third-party entities 320. Such configuration may include blocking all transmissions to one or more third-party entities 320 or identifying which type of data 302 is authorized to be communicated to a specific third-party entity. In other embodiments of the invention, the user may configure the sub-module 430 to notify/alert the user, via text message or the like, each time a specified Internet-connected device attempts a data communication or each time a specified third-party entity is designated for data communication or each time a specified data type (e.g., payment token/credentials) is designated for data communication. In this regard, the communications management sub-module 430 may allow for dynamic communications management by the user on either a per-device basis, a per-third-party entity basis and/or a per-data type basis.

The communications management sub-module 430 may also be configured to allow for automatic or user configured security levels or features 446, such as encryption/password protection or the like to be added to data 302 communicated from the Internet-connected devices 300 to the third-party entities. In specific embodiments of the invention, the third-party entity categories 442 may further define security levels or features 446 to be executed on data 302 communicated to the third-party entities 320 in the designated category 442. In other embodiments of the invention, the user may choose which security level or features 446 to apply to chosen third-party entities 320 or to chosen types 422 of data 302 communicated to a chosen third-party entity 320.

In further embodiments of the invention, the communications management sub-module 430 is configured to allow users to add additional third-party entities as recipients of data 302 from one or more of the Internet-connected devices 300 and, in certain embodiments, define the type(s) of data that the additional third-party entity is authorized to receive. Addition of third-party entities 320 may require the communications management sub-module 430 to access the settings in the Internet-connected device 300 to add an additional third-party entity 320 or data type 422.

Additionally, in alternate embodiments of the invention, the communications management module 410 may include an entity authentication sub-module 450 that is configured to verify/authenticate the identity 452 third-entities 320 to insure that the entity is, in fact, who they purport to be. In other words, the entity authentication sub-module 450 is configured to verify that the IP address or other address to which the data 302 is to be communicated to is the actual address of the third-party entity and not a spoofed address or the like. Verification of the IP address or other address may entail accessing a look-up table of verified IP addresses or other address or using other known or future known verification/authentication techniques.

To supplement the present disclosure, this application further incorporates entirely by reference the following commonly assigned patent applications:

U.S. patent application Docket Number Ser. No. Title Filed On 7065US1.014033.2722 To be Enhancing Concurrently assigned Authentication and herewith Source of Proof Through a Dynamically Updateable Biometrics Database 7086US1.014033.2723 To be Resource Tag Concurrently assigned Generation and herewith Resource Valuation for Deployment for Resource Distribution 7089US1.014033.2724 To be System for Real-Time Concurrently assigned Release of Allocated herewith Resources Based on Device Stage 7090US1.014033.2725 To be Security Concurrently assigned Implementation for herewith Resource Distribution 7097US1.014033.2726 To be Security Concurrently assigned Implementation for herewith User Resource Distribution with Peripheral Device 7098US1.014033.2727 To be Intelligent Resource Concurrently assigned Procurement System herewith based on Physical Proximity to Related Resources 7082US1.014033.2728 To be System for Machine- Concurrently assigned Initiated Resource herewith Generation and Customization 7083US1.014033.2729 To be Security Concurrently assigned Implementation for herewith User Resource Distribution

Thus, systems, apparatus, methods, and computer program products described above provide for managing communication of data from Internet-connected devices, such as those devices within an IoT environment. Specifically, the invention provides automated determination of which devices are communicating to which third-party entities and, in some embodiments, the type of data being communicated to such third-party entities. Once such information is known, the third-party entity can be automatically placed into a designated third-party category, which defines the type of data that the third-party entity is authorized to receive. In addition, a user can manage the communications from such devices by selecting to prohibit (i.e., block) or limit, based on data type, which data is communicated to which third-party entities. Additionally, the identity of the third-party entities can be authenticated/verified, such that if the third-party entity cannot be verified, communication of data to that entity is blocked or limited. Moreover, a user can add additional third-party entities for a specified device and define the type of data which may be communicated from the device to the third-party entity.

While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other changes, combinations, omissions, modifications and substitutions, in addition to those set forth in the above paragraphs, are possible.

Those skilled in the art may appreciate that various adaptations and modifications of the just described embodiments can be configured without departing from the scope and spirit of the invention. Therefore, it is to be understood that, within the scope of the appended claims, the invention may be practiced other than as specifically described herein. 

What is claimed is:
 1. A system for managing communications, the system comprising: a plurality of devices associated with a user, wherein each of the devices are connected to the Internet and communicate data associated with the device to one or more entities; a computer platform including a memory and at least one processor in communication with the memory; and a communications management module stored in the memory, executable by the processor and including: a device polling sub-module configured to poll the plurality of devices to determine which entities each of the devices are communicating the data to, and a communication management sub-module configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of at least a portion of the data communicated from one or more of the devices to at least one of the entities.
 2. The system of claim 1, wherein the communication management sub-module is further configured to establish a plurality of entity categories, wherein each category is associated with an entity type and defines what type of data can be communicated to entities residing in the category.
 3. The system of claim 2, wherein the communication management sub-module is further configured to manage communication of the data from the devices, wherein managing communication comprises determining which entity category each of the entities belong and placing each of the entities in the determined entity category, wherein placement of the entity in an entity category automatically manages types of data that can be communicated from the devices to the entities placed in the entity category.
 4. The system of claim 1, wherein the device polling sub-module is further configured to poll the plurality of devices to determine one or more types of data that are being communicated to each of the determined entities.
 5. The system of claim 4, wherein the communication management sub-module is further configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of one or more of the types of data communicated from one or more of the devices to at least one of the entities.
 6. The system of claim 1, wherein the device polling sub-module is further configured to identify one or more routers through which the plurality of devices connect to the Internet and poll the plurality of devices through the identified one or more routers.
 7. The system of claim 6, wherein the communication management sub-module is further configured to manage communication of the data from the devices, wherein managing communication comprises blocking, at the one or more identified routers, transmission of the at least a portion of the data communicated from one or more of the devices to at least one of the entities.
 8. The system of claim 1, wherein the device polling sub-module is further configured receive a user input that selects one or more of the devices and, in response to receiving the user input, to queries the selected one or more devices as to which entities the selected one or more devices are communicating the data to.
 9. The system of claim 8, wherein the communication management sub-module is further configured to manage communication of the data from the devices, wherein managing communication comprises blocking transmission of the at least a portion of the data by re-configuring settings in the selected one or more of the devices that are communicating data to the at least one of the entities.
 10. The system of claim 1, wherein the communications management module further comprises an entity authentication sub-module that is configured to verify an identity of each of the determined entities.
 11. The system of claim 10, wherein the communication management sub-module is further configured to, in response to the entity authentication sub-module determining that an identity of an entity cannot be verified, automatically block transmission of all data communicated from the devices to the entity.
 12. The system of claim 1, wherein the communication management sub-module is further configured to manage communication of data from the devices, wherein managing communication includes adding at least one additional entity that at least one of the devices communicates data to.
 13. The system of claim 12, wherein the communication management sub-module is further configured to manage communication of data from the devices, wherein managing communication includes identifying one or more types of data to be communicated from the at least one of the devices to the at least one additional entity.
 14. The system of claim 1, wherein the communication management sub-module is further configured to manage communication of data from the devices, wherein managing communication includes encrypting at least a portion of the data communicated from one or more of the devices to at least one of the entities.
 15. An apparatus for managing communications, the apparatus comprising: a computer platform including a memory and at least one processor in communication with the memory; and a communications management module stored in the memory, executable by the processor and including: a device polling sub-module configured to poll a plurality of Internet-connected devices to determine which entities each of the devices are communicating device-related data to, and a communication management sub-module configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of at least a portion of the device-related data communicated from one or more of the Internet-connected devices to at least one of the entities.
 16. The apparatus of claim 15, wherein the communication management sub-module is further configured to establish a plurality of entity categories, wherein each category is associated with an entity type and defines what type of data can be communicated to entities residing in the category and wherein managing communication comprises determining which entity category each of the entities belong and placing each of the entities in the determined entity category, wherein placement of the entity in an entity category automatically manages types of data that can be communicated from the devices to the entities placed in the entity category.
 17. The apparatus of claim 15, wherein the device polling sub-module is further configured to poll the plurality of devices to determine one or more types of data that are being communicated to each of the determined entities and wherein the communication management sub-module is further configured to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of one or more of the types of data communicated from one or more of the devices to at least one of the entities.
 18. A computer program product including a non-transitory computer-readable medium, the computer-readable medium comprising: a first set of codes for causing a computer to poll a plurality of Internet-connected devices to determine which entities each of the devices are communicating device-related data to; and a second set of codes for causing a computer to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of at least a portion of the device-related data communicated from one or more of the Internet-connected devices to at least one of the entities.
 19. The computer program product of claim 18, wherein the second set of codes is further configured to cause the computer to (i) establish a plurality of entity categories, wherein each category is associated with an entity type and defines what type of data can be communicated to entities residing in the category and (ii) determine which entity category each of the entities belong and (iii) place each of the entities in the determined entity category, wherein placement of the entity in an entity category automatically manages types of data that can be communicated from the devices to the entities placed in the entity category.
 20. The computer program product of claim 18, wherein the first set of codes is further configured to cause the computer to poll the plurality of devices to determine one or more types of data that are being communicated to each of the determined entities and wherein the second set of codes is further configured to cause the computer to, in response to determining which entities each of the devices are communicating the data to, manage communication of the data from the devices, wherein managing communication comprises blocking transmission of one or more of the types of data communicated from one or more of the devices to at least one of the entities. 